Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities

Name: Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities
Tracking Number: 2019-001
First Publish Date: 29 Jul 2019
Date of Current Status: 24 Apr 2020
Next Planned Update: N/A

Description

A number of vulnerabilities in Wind River’s VxWorks IPnet TCP/IP Stack implementation have been reported. These vulnerabilities could allow attackers to hijack existing TCP sessions to inject packets of their choosing or cause Denial of Service attacks.

Currently available information suggests potential for buffer/heap overflows, race conditions, and NULL-pointer dereferences that can crash the system or applications, or cause network connectivity issues, when improper network packets are sent. Current information also suggests access to the local LAN segment would be necessary for exploitation.

The 11 CVEs that were reported for these flaws are CVE-2019-12255 through CVE-2019-12265. Exploitability scores are not yet available for these CVEs.

One or more of these 11 vulnerabilities may affect products with the following:

All versions of VxWorks under current support (6.9.4.11, Vx7 SR540, Vx7 SR610)

Older, End-of-Life versions of VxWorks back to 6.5

All versions of the discontinued product Advanced Networking Technology (ANT)

IPnet when sold as a standalone TCP/IP network stack

The VxWorks bootrom network stack

VxWorks 5.3 through 6.4 and all VxWorks Cert versions are NOT affected by these 11 vulnerabilities.

What is Xerox Doing About This?

Xerox is working closely with Wind River and we will continue to monitor the situation as more information is provided by Wind River and the security researchers who reported the vulnerabilities.

Plans are underway to implement the patches created by Wind River to address the affected Xerox products. Software releases containing the fixes for these vulnerabilities will continue to be rolled out.

What Should You Do?

Wind River recommends that the following mitigations be performed for all products until patches become available:

Place your devices behind an external firewall and add a rule to drop/block any TCP segment where the “Urgent Data” flag (URG flag) is set.

If your VxWorks version has an internal firewall, make sure that it is also enabled, and drop/block any TCP segment where the “Urgent Data” flag (URG flag) is set by adding the following rule: ‘block in quick proto tcp all flags U/U’.
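
Added example, not part of the Xerox or Wind River text: a Python check that reads the TCP flags byte of a raw IPv4 packet and reports whether a rule of the form "flags U/U" would match it, so a packet capture taken behind the firewall can be checked for URG-flagged segments that still get through. It assumes the a/b notation means "of the flags in mask b, exactly those in a are set"; the function names and the sample packets are constructed for illustration.

```python
import struct

# Bits of the TCP flags byte (offset 13 of the TCP header), keyed by the
# single-letter names used in "flags a/b" rules such as the one above.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

def flag_mask(letters):
    """Turn a letter string such as "SA" into a bit mask."""
    mask = 0
    for ch in letters:
        mask |= FLAG_BITS[ch]
    return mask

def tcp_flags(packet):
    """Return (flags, urgent_pointer) of a raw IPv4 packet, or None if it
    is not a TCP segment whose header can be read."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 6 or frag_offset or len(packet) < ihl + 20:
        return None                                   # not TCP, later fragment, or truncated
    urg_ptr = struct.unpack("!H", packet[ihl + 18:ihl + 20])[0]
    return packet[ihl + 13], urg_ptr

def matches(packet, spec="U/U"):
    """Assumed reading of "flags a/b": of the flags in mask b, exactly a are set."""
    parsed = tcp_flags(packet)
    if parsed is None:
        return False
    want, mask = (flag_mask(part) for part in spec.split("/"))
    return (parsed[0] & mask) == want

def build_packet(flags, urg_ptr=0, payload=b""):
    """Constructed sample input: minimal IPv4 + TCP packet, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, urg_ptr)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + tcp + payload

def urg_segments(packets):
    """Indices of packets the U/U rule would drop, for checking a capture."""
    return [i for i, pkt in enumerate(packets) if matches(pkt)]

# Constructed capture: SYN, ACK, URG+PSH+ACK with one urgent byte, FIN+ACK.
SAMPLE = [build_packet(0x02), build_packet(0x10),
          build_packet(0x38, urg_ptr=1, payload=b"!"), build_packet(0x11)]
```

Any index returned by `urg_segments` for traffic captured on the protected side of the firewall indicates the drop rule is missing or not being applied on that path.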

Always consult your IT department as appropriate.

This notice will be updated as further information becomes available. Please visit the Xerox Security Web Site at https://www.xerox.com/Security for additional updates.
